When a user logs in via SSO after their org has offboarded from TDE, we now show them a helpful error message stating that they must either login on a Trusted device, or ask their admin to assign them a password.
Feature flag: `PM16117_SetInitialPasswordRefactor`
* Add new device type for DuckDuckGo browser
* Added feature support property for sync domains
* Added new features
* Added isDuckDuckGo() to CLI
* Addressed PR feedback.
* Renamed new property
* Fixed rename that missed CLI.
* add end user feature flag
* add initial setup extension component and route
* redirect users from registration completion to the setup extension page
* add `hideIcon` to anon layout for web
- matches implementation on the browser.
* integrate with anon layout for extension wrapper
* add initial loading state
* conditionally redirect the user upon initialization
* redirect the user to the vault if the extension is installed
* add initial copy for setup-extension page
* add confirmation dialog for skipping the extension installation
* add success state for setup extension page
* only show loggedin toast when end user activation is not enabled.
* add image alt
* lower threshold for polling extension
* close the dialog when linking to the vault
* update party colors
* use the platform specific registration service to to only forward the web registrations to `/setup-extension`
* call `super` rather than `/vault` directly, it could change in the future
This PR makes it so that `SetInitialPasswordComponent` handles the TDE offboarding flow where an org user now needs to set an initial master password.
Feature flag: `PM16117_SetInitialPasswordRefactor`
This change updates every import of StorageServiceProvider,
AbstractStorageService, and ObservableStorageService throughout the common
state code (including spec files) to pull from the new
@bitwarden/storage-core package instead of their old relative paths. The cuts
out one of the issues that needs to be resolved before state can hold its own
as a library without importing common.
* Passkey: use ArrayBuffer instead of Uint8Array to conform WebAuthn spec
* ArrayBufferView generics was too modern for this project
* Correctly update the types from Uint8arrays to ArrayBuffers
* Fixed broken tests + bugs
* Removed arrayBufferViewToArrayBuffer as it's not needed in this invocation paths
---------
Co-authored-by: ozraru <ozraru@raru.work>
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
* add `WebBrowserInteractionService` and check for the extension observable
* update checkForExtension to use observables rather than window timeouts
* add open extension to WebBrowserInteractionService
* add at-risk-passwords to `PopupPageUrls`
* refactor `PopupPageUrls` to `ExtensionPageUrls`
* add test for passing a page
* refactor `Default` to `Index`
* clean up complete/next issue using `race`
* refactor page to url
* continue listening for messages from the extension after subscribed
* mark risk passwords a deprecated
* remove takeUntilDestroyed
* add back `takeUntilDestroyed` for internal `messages`
* removed null filter - unneeded
* add tap to send message for extension installation
* add check for accepted urls to prevent any bad actors from opening the extension
* feat: Create methods for calling GET auth-request/pending endpoint.
* feat: update banner service on web, and desktop vault
* test: updated banner test to use auth request services
* fix: DI fixes
* feat: add RequestDeviceId to AuthRequestResponse
* fix: add Browser Approvals feature flags to desktop vault and web vault banner service
* test: fix tests for feature flag
* Don't put subscription to our server when it's existing
* Only update server when subscription-user associations change
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Created new service to get restricted types for the CLI
* Created service for cli to get restricted types
* Utilized restriction service in commands
* Renamed function
* Refactored service and made it simpler to check when a cipher type is restricted or not
* Moved service to common so it can be utilized on the cli
* Refactored service to use restricted type service
* Removed userId passing from commands
* Exclude restrict types from export
* Added missing dependency
* Added missing dependency
* Added missing dependency
* Added service utils commit from desktop PR
* refactored to use reusable function
* updated reference
* updated reference
* Fixed merge conflicts
* Refactired services to use isCipherRestricted
* Refactored restricted item types service
* Updated services to use the reafctored item types service
* add restricted item types to legacy vault components
* filter out restricted item types from new menu item in desktop
* use CIPHER_MENU_ITEMS
* use CIPHER_MENU_ITEMS. move restricted cipher service to common
* use move restricted item types service to libs. re-use cipher menu items
* add shareReplay. change variable name
* move restricted filter to search service. remove unecessary import
* add reusable service method
* clean up spec
* add optional chain
* remove duplicate import
* move isCipherViewRestricted to service module
* fix logic
* fix logic
* remove extra space
---------
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
* Added service to get restricted cipher and used that to hide in autofill settings
* Referenced files from the work done on web
* Fixed restrictedCardType$ observable
* Created resuseable cipher menu items type
(cherry picked from commit 34be7f7ffef135aea2449e11e45e638ebaf34ee8)
* Updated new item dropdown to filter out restricted type and also render the menu items dynamically
(cherry picked from commit 566099ba9f3dbd7f18077dbc5b8ed44f51a94bfc)
* Updated service to have cipher types as an observable
(cherry picked from commit 6848e5f75803eb45e2262c617c9805359861ad14)
* Refactored service to have use CIPHER MENU ITEMS type and filter restricted rypes and return an observable
(cherry picked from commit e25c4eb18af895deac762b9e2d7ae69cc235f224)
* Fixed type enum
* Referenced files from the work done on web
* Referenced change from the work done on web
* Remove comment
* Remove cipher type from autofill suggestion list when enabled
* revert autofillcipher$ change
* Fixed test
* Added sharereplay to restrictedCardType$ observable
* Added startwith operator
* Add organization exemptions to restricted filter
* PM-19555 - LogoutService - build abstraction, default, and extension service and register with service modules
* PM-19555 - Lock Comp - use logoutService
* PM-19555 - LoginDecryptionOptions - Use logout service which removed need for extension-login-decryption-options.service
* PM-19555 - AccountSwitcher logic update - (1) Use logout service + redirect guard routing (2) Remove logout method from account switcher service (3) use new NewActiveUser type
* PM-19555 - Extension - Acct Switcher comp - clean up TODOs
* PM-19555 - Add TODOs for remaining tech debt
* PM-19555 - Add tests for new logout services.
* PM-19555 - Extension - LoginInitiated - show acct switcher b/c user is AuthN
* PM-19555 - Add TODO to replace LogoutCallback with LogoutService
* PM-19555 WIP
* PM-19555 - Extension App Comp - account switching to account in TDE locked state works now.
* PM-19555 - Extension App Comp - add docs
* PM-19555 - Extension App Comp - add early return
* PM-19555 - Desktop App Comp - add handling for TDE lock case to switch account logic.
* PM-19555 - Extension - Account Component - if account unlocked go to vault
* PM-19555 - Per PR feedback, clean up unnecessary nullish coalescing operator.
* PM-19555 - Extension - AppComponent - fix everHadUserKey merge issue
* PM-19555 - PR feedback - refactor switchAccount and locked message handling on browser & desktop to require user id. I audited all callsites for both to ensure this *shouldn't* error.
* Add comments to AuditService Abstraction
* Replace throttle usage with rxjs mergeMap with concurrent limit
* Add test cases for audit service
* Remove throttle
